LIVE WEBINAR:
Tracking Enterprise AI Adoption and Innovation Through Governance - June 5, 2025 | 2pm EST
Save Your Seat ->
As a global leader in financial services, Mastercard balances its commitment to innovation with a responsible approach to managing AI risks. This involves assessing and mitigating risks across thousands of models while navigating a complex regulatory and compliance environment. The proliferation of Generative AI further shifted the governance landscape, introducing challenges such as unknown reliability, unprecedented ease of access and demand for solutions, and novel risk profiles.
As the potential enterprise uses of Generative AI grew into hundreds of use cases, Mastercard recognized that manual risk mitigation processes would be time-consuming and could hinder innovation. To address this, Mastercard partnered with Credo AI to deliver a scalable, sustainable and highly reliable system of Generative AI governance.
As a global technology company in the payments sector, Mastercard’s mission is to power economies and empower people. In 2023, Mastercard’s network facilitated more than 143 billion transactions in the blink of an eye. Across 210 countries, in more than 150 currencies, every time people swipe, tap, or dip their Mastercard it is because they trust their information is safe.
Mastercard has been powering its technologies using AI for decades and has integrated AI across its diverse business operations. The company uses AI to uncover differentiated insights, empower business operations, infuse intelligence into payments, and outsmart fraud.
With the advent of Generative AI in popular awareness, leaders across the company saw the potential to reinvent business practices with the support of Generative AI, and the number of use cases surged into the hundreds. Eager to remain at the forefront of applied AI, leaders were keen to move forward quickly, placing pressure on approvals and risk management processes. While the volume and velocity of use cases grew, Mastercard was challenged to review novel risk profiles in various supply chains.
Mastercard saw the challenges of scale; volume, velocity and variety, and saw an opportunity to introduce a streamlined governance process for Generative AI that would be quick, scalable and inclusive of varied risk profiles. To execute on this opportunity, Mastercard needed to find a partner who could empower them to quickly and reliably vet vendors, monitor ongoing compliance and stay abreast of any issues with current Generative AI applications, all while providing visibility into the internal and external use of Generative AI technologies.
To address this opportunity, Mastercard turned to Credo AI, an AI governance platform that streamlines responsible AI adoption by automating AI oversight, risk mitigation and regulatory compliance. Credo AI offers capabilities that enabled Mastercard to address the volume, velocity and variety of the company’s Generative AI needs.
Key features of the Credo AI Platform that accelerated Mastercard’s innovation and AI governance journey included:
With Generative AI, risks to the enterprise expanded to include enhanced security risks, IP risks, data exfiltration and reuse risks specific to Generative AI, and branding/tone of voice considerations. A broader group of risk management parties needed to be involved in assessing Generative AI solutions, and a central concern was how processes could be streamlined and communicated across this group.
Credo AI provided Mastercard with a centralized AI Registry for tracking all AI projects, including internally developed and third-party applications. This AI Registry became the place for tracking all Generative AI uses and tooling, and was used by risk and governance teams, stakeholders and executive leaders to understand Generative AI adoption across the enterprise.
Mastercard used Credo AI’s well-developed customization features to create a Generative AI intake questionnaire customized to their risk management profile. Mastercard’s product and use case owners applied this questionnaire to collect evidence for each use case in the AI Registry. Credo AI enabled Mastercard to easily implement their enterprise risk categorization framework. Credo AI used this evidence and the risk categorization framework to identify the risk category of each Generative AI use case, routed use cases to the right level of oversight, and oversaw risk management to ensure that appropriate process was executed upon for each use case.
Credo AI’s registry and automation tooling substantially reduced the time and effort involved to review new generative AI use cases across a broad set of risk management stakeholders. This allowed Mastercard’s AI Governance team to focus on their most important job: deciding which use cases should be approved, and what conditions should apply to those approvals.
As hundreds of Generative AI use cases moved through review and approval, Mastercard needed to manage and coordinate review and approval. The company wanted to move fast, and needed a solution that could reduce the time-to-governance for each use case.
Credo AI facilitated a faster and more centralized review process for new Generative AI use cases at Mastercard. When Mastercard’s product owners submit a new Use Case for review, Credo AI automatically manages to notify reviewers across the AI Governance, Security, Legal, Privacy, Brand, Technology and Strategy functions. When reviewers leave their feedback directly in Credo AI, this populates a persistent audit trail of reviews and approvals. When reviewers identified a risk or necessary guidance for the product owner, they were able to issue this guidance through Credo AI and secure acknowledgment from the product owner. These features enabled a broad team to work faster and more effectively than ever before to review Generative AI use cases and manage risk.
Third-party components are a key piece in Mastercard’s Generative AI adoption strategy, and the company leverages a broad range of externally developed Generative AI components, from third-party LLMs and SLMs, to fine-tuned and specific-purpose solutions, to development platforms that would let internal employees build and tune their own products.
Mastercard and Credo AI needed to manage a broader range of risks across a broader variety of products, and both parties saw the critical need to collect accurate, complete evidence from vendors. To serve this need, Credo AI launched the Credo AI Vendor Portal, which significantly transformed how Mastercard manages third-party relationships with AI vendors.
Through the Vendor Portal, Mastercard collects evidence directly from vendors, validates it for completeness and utility as part of the review process, and stores it alongside Mastercard’s own evaluations and assessments. The Vendor Portal has significantly reduced the amount of human effort involved in requesting and validating information from vendors, and enables Mastercard to vet the quality of vendor solutions more completely and accurately than ever before.
Using the Credo AI Platform, Mastercard is able to manage AI risk and responsibly implement generative AI – with better speed and scale than ever before. Features like AI Registry and Vendor Registry have allowed us to maintain control of all AI use cases, to ensure all of our AI at Mastercard aligns to our governance frameworks and principles.
The deployment of the Credo AI Platform and Credo AI’s long-standing partnership with Mastercard have empowered Mastercard to identify AI risks and issue risk mitigation guidance quickly, thoroughly and scalably. Areas where Mastercard has seen immediate benefits include:
The integration of the AI Registry and Vendor Portal eliminates a range of information management and communication tasks, reducing administrative burden, saving time and reducing risk of error. Initial risk assessments, evidence collection and guidance to teams have been automated, allowing for rapid scaling of Generative AI use initiatives without compromising risk management.
Credo’s AI Registry enables a broader set of stakeholders, including executive leaders, to more easily gain greater visibility into where and how Generative AI technologies were used across the organization. This increased visibility led to greater buy-in and trust across the organization.
The Platform is a collaborative environment where all stakeholders— executives and reviewers, business and technical owners, and vendors—could interact seamlessly. The platform enabled faster, scalable submission, review, and approval of Generative AI use cases.
The Platform gave Mastercard the tools necessary to maintain strict control and oversight over Generative AI usage, aligning with the enterprise’s broader goals for innovation governance. These tools are crucial for managing the ethical, regulatory, and practical implications of deploying advanced AI technologies in a global financial services entity.
Mastercard and Credo AI share a common vision and mission to innovate responsibility and govern AI within its operations, exemplifying how innovative AI governance solutions can drive efficiency, enhance oversight, and facilitate compliance on a large scale. Mastercard is a frontrunner in operationalized AI Governance, working to ensure the ethical, responsible, and human-centric development and use of AI. The company launched its Data & Tech Responsibility Principles, centered around privacy and security, transparency, accountability, fairness, and inclusion. These principles guide how Mastercard handles data and technology, including AI, globally.
Both Mastercard and Credo AI share values, and interests, and want to solve problems for real people. Their partnership has been characterized by a desire to co-innovate responsibly.
Inventory your AI use cases and operationalize contextual AI governance across your entire enterprise in one scalable platform.
Learn more about the AI Governance Academy, and learn from the Credo AI team—pioneers in AI governance and Responsible AI.
